Op-Ed: AntiSec hack of 12 million Apple IDs gets ridiculous denials

Sydney - Does this sound familiar? Massive security breach, queue of people denying it’s important, nobody’s responsible and a bit of propaganda. As usual, a simple denial followed the production of facts. Looks like nobody’s even pretending to cover up any more.

The story is that AntiSec, a hacking group related to Anonymous, obtained 12 million records of Apple users, supposedly from the laptop of an FBI agent. Those who use Apple products will be aware of the type of information provided to Apple on purchase of their products. This is fairly basic stuff, but it’s also a healthy slice of personal ID.

AntiSec released user ID numbers, 40-character identifying numbers. These numbers are not of themselves a way of accessing information related to users. It looks more like they were used as proof of having obtained the information.

While the leaked identification numbers appeared to be real, security experts said the release posed little risk. They said that without more information on the devices’ owners — like e-mail addresses or date of birth — it would be hard for someone to use the numbers to do harm.

Not so much of a surprise. The “controlled release” of the Apple user information was apparently vetted by hacker group AntiSec to make a point, not damage user security. They had a lot more info than just user IDs to play with.

A little more information than was contained in The New York Times article comes from CBS News:

Antisec claims that it breached the laptop of FBI special agent Christopher K. Stangl. The group says a spreadsheet on Stangl's computer contained a list of over 12 million Apple devices and included UDIDs, user names, name of device, type of device, Apple push notification service tokens, zip codes, mobile phone numbers and addresses.

That is a hell of a lot of sensitive personal information. You could swipe 12 million identities with that material.

NYT apparently also had a few bones to pick with Anonymous, which recently targeted the newspaper.

In February, Anonymous hackers intercepted a call between the bureau and Scotland Yard. But the frequency of such attacks tapered off after several members of Anonymous and a spinoff group, LulzSec, were arrested in March.

PR scam? Someone gets 12 million user information files with authentic ID numbers and it’s a PR scam for Anonymous? What are they trying to do, sell more cookies by forcing Apple users to buy them or they’ll release their info? Start a chat show and they need the publicity?

This is the other usual component of security excuse-making. The security that was breached, either the FBI’s, Apple’s or more likely both, is obviously a major contract for somebody. Trivialize the security breach, and downplay the significance of the failure of security, however colossal. Someone will be dumb enough to believe the excuse.

This ridiculous crap is also pretty similar to the Wikileaks pattern of denial. The military dropped the ball on security of major information streams. The information was allegedly accessed by Bradley Manning, and was released by Wikileaks. Not one other person responsible for security has even been mentioned as having any sort of accountability for that colossal failure. The motives of the leaks were the first thing targeted by the spin factories.

The idea of a protest rarely gets through. All of this brings us back to Trapwire. If surveillance is the game, the information obtained by Trapwire obviously can’t be secure. Personal information can be obtained by security systems which are themselves insecure. Legitimate surveillance of actual criminals and terrorists could be compromised and made accessible to the people under surveillance. That information could also be “edited”.

What a joke. That would mean that the surveillance systems could be working for the people they’re supposed to be working against. The possibility of terrorists being aware of surveillance might not be so hilarious, though.

Where the game ends and reality begins

Reality is likely to become a bit tactless at some point regarding this cosy “do nothing and blame others” routine.

The fact that these “secure” systems can be hacked so easily shouldn’t be much encouragement for the seat-warmers in these agencies. Fortunately for the US government, effective hackers who can obviously achieve much higher levels of penetration than even nationally-backed foreign hackers aren’t actually carrying out any destructive actions.

They could. The number of soft targets is multiplying in direct ratio to the security craze. The irony is that all the new security software and security systems are creating more holes. The “new” (you’re kidding!) keylogger software used by ultra-paranoid employers is a great template for anyone to make their own snooping kit. So are most of the other components of those software packages. Surveillance camera systems can be hacked. Data systems containing secret information are apparently very easy to access.

Anyone who thinks “surveillance” and “security” are the answers to anything is out of their minds.

The problem is that nobody’s even pretending to be trying to understand the basics. AntiSec made a valid point. The point was ignored and spun into a sort of cultural good guys/bad guys fluff response. Not one single issue related to the actual theft of information was even addressed. Even The New York Times stuck to “reporting” more than defining the issues.

When the messengers routinely won’t deliver the message, the law routinely won’t admit mistakes applying to itself and the experts make stupid statements, you have a problem. Combine that with a culture of denial of disasters.

These are the people who are supposed to be trusted to carry out massive surveillance?

They can’t even keep an eye on who’s stealing their own information.

They refuse to take responsibility for their own mistakes.

If a security guard makes a mistake, he’s usually fired. If a national agency, a global company and their security fail miserably and in theory put the personal information of millions of people at risk, it’s called “a PR scam.”

Just for the record, FBI, Apple, etc., what would happen if some naughty people got their hands on that information?

You’d be legally responsible.

Think about it, and get someone to explain to you what 12 million people filing a class action or several thousand class actions can do.

Now do you get the picture, and what’s wrong with this situation?

Doesn’t matter how thick your skins or your heads, this sort of thing can get you. You’re not doing your jobs even in theory, and nobody’s going to save your skins if anything hits the fan.

This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com